Skip to content

Add Multi-Factor Authentication to Legacy Systems with Agilicus AnyX: Water Facilities and SCADA

A municipality in Eastern Canada was seeking a method for securing access to the SCADA systems in their water treatment facility through the implementation of Multi-Factor Authentication. This was driven by pressures from city council to improve security, qualify for cyber insurance, and support the different levels of access needed by stakeholders supporting the facility.

The IT team specifically needed to balance security with accessibility – they needed to ensure that the teams supporting the SCADA system had remote access to the Human Machine Interface’s (HMI) thin client without sacrificing the security of the network.

Security Challenges

The IT department had various hurdles to overcome on their path to support the water team and provide them with secure access to the SCADA application. The municipality was facing four key problems:

end-to-end-encryption
identity-aware-web-application-firewall

Their SCADA systems was exposed and reachable via the public internet

Pressures to meet cyber insurance requirements from council

authorisation-management
cyber-security-policies

A workforce that did not like to change the way they do things

The system in question was a critical system that always had to be connected to the internet and could never be logged out, updated, or shut down

After doing some research the municipality identified it is possible to keep these systems off the public internet and allow access without using a VPN.  What was most interesting to them is that this could be done with zero changes to their network or the way employees access the systems.


Using Multi-Factor Authentication and Zero Trust Network Access to Increase Security with Agilicus AnyX

Working with Agilicus, the municipality implemented the AnyX platform and was able to achieve secure access to their water management and SCADA systems as well as adding an extra layer of protection through enforcing multi-factor authentication.

The municipality was able to achieve the following:

pam-multi-factor-authentication

Enhanced security by providing a platform that removed the exposed URL to behind a firewall while leaving their systems fully accessible, but not visible to the public internet

security-ease-of-implementation

Achieved a quick and frictionless implementation without network changes in under an hour

Fulfilled cyber insurance requirements by ensuring each user is challenged with the second factor before access is granted and seamlessly allowed the continued use of existing USB security keys

weak-vpn-server-security

Added enhanced protection against common security threats including blocking lateral traversal, restricting user privileges, and producing a full audit log

As a result, the municipality was able to avoid a project that would have normally taken months and met their incoming multi-factor requirements for all users in under an hour. This was all achieved while allowing employees to use their existing credentials, be seamlessly authorised, and require no additional training through Agilicus’ robust solution.


Business Impact

By securing remote access with multi-factor authentication and implementing Zero Trust Network Access the municipality was able to protect their critical systems while simplifying administration. All of this was achieved without the necessity of making changes to the network or installing new hardware. The region was able to achieve the multi-factor authentication they sought after without the use of drastically different technologies and personal device changes. In addition, the municipality established a secure encrypted connection to the Agilicus cloud giving them total control over who had access to the SCADA system and what each user was able to access, all while reducing the time to connect.

In the end, the municipality was able to become more secure, lower their administrative overhead, and have a single pane of glass strategy to control access.


no-gateways
no-network-configuration

Increased Cyber Resilience

No Network Changes or Additional Systems

fast-deployment
seamless
user-onboarding

Reduced time to connect

Met Cyber Insurance Requirements

Reduced Administrative Overhead


Get in Touch

Interested in learning more about how the Agilicus AnyX platform works to enforce multi-factor authentication across IT and operational technology resources? Fill out the form below to get in touch with our team.

First Name
Last Name
Message
Thanks! Someone will contact you.
There was an error. Email web-info @ agilicus.com if you need assistance.